The Symantec Endpoint Protection Manager (SEPM) uses two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 8014; Tomcat uses ports 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat; Tomcat uses port 80 to talk to IIS.
Client-Server Communication:
For IIS, SEP uses HTTP between the clients and the server. For the client-server communication it uses port 8014.
Remote Console:
9090 is used by the remote console to download .jar files and display the help pages.
8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.
Considering your scenario...
Just open 8014 in the firewall. Clients will connect to this port for communication.
SEPM is listening on port 8014 and waiting for connections.
You don't need to open ports (1024-65535) on the SEPM system. The concept is simple: when a client connects to a web server at some port (i.e. 80 or 8014), it needs to open a random port on the local system to establish the communication. That's how TCP/IP sockets work.
Simple example...
When you connect to google.com at port 80, you need to open a random port (i.e. 3355) on your machine as well so that the web server can also communicate with you, right? That happens in the background, and that's why random ports are used.
To see it, just open some websites, go to the command prompt and type
netstat -nao
Go through this chart. It clearly states that for client-server [SEPM] communication you need to open 8014.
| Port Number | Port Type | Initiated by | Listening Process | Description |
|---|---|---|---|---|
| 80, 8014 | TCP | SEP Clients | svchost.exe (IIS) | Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). |
| 443 | TCP | SEP Clients | svchost.exe (IIS) | Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. |
| 1433 | TCP | SEPM manager | sqlservr.exe | Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. |
| 1812 | UDP | Enforcer | w3wp.exe | RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. |
| 2638 | TCP | SEPM manager | dbsrv9.exe | Communication between the Embedded Database and the SEPM manager. |
| 8443 | TCP | Remote Java or web console | SemSvc.exe | HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. |
| 9090 | TCP | Remote web console | SemSvc.exe | Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). |
| 8005 | TCP | SEPM manager | SemSvc.exe | The SEPM manager listens on the Tomcat default port. |
| 39999 | UDP | Enforcer | | Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. |
| 2967 | TCP | SEP Clients | Smc.exe | The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |
source: http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/edda0cd89141a6788025734e004b6a02?OpenDocument
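As an added example (not part of the post above and not Symantec's own tooling), the following Python script turns the chart into a check that an administrator can run against the output of `netstat -nao` from a SEPM host. It parses the netstat lines, reports which listening ports are in the chart and which are not, splits the known ports into those that clients and Enforcers initiate (so they need a firewall rule from the client network) and those that only the manager or the remote console uses, and lists the ephemeral ports on the client side of established 8014 sessions, which is the "random port" the post describes. The netstat output embedded here is constructed sample data, not a capture from a real server; the port 3389 line is included only to show how a port outside the chart is flagged.

```python
"""Audit SEPM listening ports against the Symantec port chart.

Added example. Assumes the text of `netstat -nao` is available as a string;
NETSTAT_SAMPLE below is constructed for illustration, not a real capture.
"""
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_ip local_port foreign state pid")

# (listening process, initiated by) for each port in the chart above.
SEPM_PORTS = {
    ("TCP", 80):    ("svchost.exe (IIS)", "SEP Clients"),
    ("TCP", 8014):  ("svchost.exe (IIS)", "SEP Clients"),
    ("TCP", 443):   ("svchost.exe (IIS)", "SEP Clients"),
    ("TCP", 1433):  ("sqlservr.exe", "SEPM manager"),
    ("UDP", 1812):  ("w3wp.exe", "Enforcer"),
    ("TCP", 2638):  ("dbsrv9.exe", "SEPM manager"),
    ("TCP", 8443):  ("SemSvc.exe", "Remote Java or web console"),
    ("TCP", 9090):  ("SemSvc.exe", "Remote web console"),
    ("TCP", 8005):  ("SemSvc.exe", "SEPM manager"),
    ("UDP", 39999): ("", "Enforcer"),
    ("TCP", 2967):  ("Smc.exe", "SEP Clients"),
}

# Constructed sample in the format `netstat -nao` prints on Windows.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8014           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       2344
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2344
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       2344
  TCP    192.168.1.10:8014      192.168.1.55:49210     ESTABLISHED     4
  TCP    0.0.0.0:2638           0.0.0.0:0              LISTENING       1980
  UDP    0.0.0.0:1812           *:*                                    3120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       900
"""


def parse_netstat(text):
    """Parse netstat -nao lines into Socket records; UDP rows have no State column."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or unrelated line
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if len(parts) == 5 else ""
        pid = int(parts[-1])
        ip, _, port = local.rpartition(":")  # rpartition keeps IPv6 addresses intact
        sockets.append(Socket(proto, ip.strip("[]"), int(port), foreign, state, pid))
    return sockets


def listeners(sockets):
    """Bound sockets: TCP in LISTENING state, plus every UDP socket."""
    return [s for s in sockets if s.state == "LISTENING" or (s.proto == "UDP" and not s.state)]


def audit_listeners(sockets):
    """Split listening ports into chart entries and ports the chart does not cover."""
    report = {"expected": [], "unexpected": []}
    for s in listeners(sockets):
        key = (s.proto, s.local_port)
        if key in SEPM_PORTS:
            process, initiator = SEPM_PORTS[key]
            report["expected"].append((s.proto, s.local_port, initiator, process))
        else:
            report["unexpected"].append((s.proto, s.local_port, s.pid))
    return report


def firewall_plan(sockets):
    """Chart ports initiated by clients/Enforcers need a rule from the client
    network; the rest serve the manager itself or the admin console only."""
    open_to_clients, restrict = set(), set()
    for proto, port, initiator, _ in audit_listeners(sockets)["expected"]:
        if initiator in ("SEP Clients", "Enforcer"):
            open_to_clients.add((proto, port))
        else:
            restrict.add((proto, port))
    return sorted(open_to_clients), sorted(restrict)


def client_ephemeral_ports(sockets, server_port=8014):
    """Peer (ip, port) of established sessions on server_port: the random
    client-side port the post explains, which needs no inbound firewall rule."""
    peers = []
    for s in sockets:
        if s.proto == "TCP" and s.state == "ESTABLISHED" and s.local_port == server_port:
            ip, _, port = s.foreign.rpartition(":")
            peers.append((ip, int(port)))
    return peers


if __name__ == "__main__":
    socks = parse_netstat(NETSTAT_SAMPLE)
    report = audit_listeners(socks)
    for entry in report["expected"]:
        print("known   ", entry)
    for entry in report["unexpected"]:
        print("REVIEW  ", entry)
    print("open from client network:", firewall_plan(socks)[0])
    print("restrict to admin/local :", firewall_plan(socks)[1])
    print("client ephemeral ports on 8014:", client_ephemeral_ports(socks))
```

To use it on a real manager, replace NETSTAT_SAMPLE with the saved output of `netstat -nao` (the PID column lets you confirm with Task Manager or `tasklist` that the listening process matches the chart's process column). A port in the "REVIEW" list is not necessarily a problem, but it is not something the SEPM chart accounts for, so it deserves its own justification before a firewall rule is written for it.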